UbuntuUpdates.org

Package "libiberty-dev"

Name: libiberty-dev

Description:

library of utility functions used by GNU programs
Latest version: 20160215-1ubuntu0.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: libiberty
Homepage: http://gcc.gnu.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libiberty-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libiberty-dev" in Xenial

Repository Area Version
base main 20160215-1
security main 20160215-1ubuntu0.3

Changelog

Version: 20160215-1ubuntu0.3 2020-04-08 17:06:27 UTC

  libiberty (20160215-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recusion and add
      --no-recruse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250

 -- Marc Deslauriers <email address hidden> Wed, 01 Apr 2020 11:39:51 -0400
Source diff to previous version
CVE-2018-9138 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
CVE-2018-12641 An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling
CVE-2018-12697 A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
CVE-2018-12698 demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
CVE-2018-17794 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_
CVE-2018-17985 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cp
CVE-2018-18484 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functio
CVE-2018-18700 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting
CVE-2018-18701 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting
CVE-2018-12934 remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OO
CVE-2018-18483 The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (ma
CVE-2019-9070 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
CVE-2019-9071 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-dema
CVE-2019-14250 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a ze

Version: 20160215-1ubuntu0.2 2017-07-26 18:06:48 UTC

  libiberty (20160215-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in string_appends
    - debian/patches/CVE-2016-2226.patch: check for overflow in
      libiberty/cplus-dem.c.
    - CVE-2016-2226
  * SECURITY UPDATE: use-after-free vulberabilities
    - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
      libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4487
    - CVE-2016-4488
  * SECURITY UPDATE: integer overflow in gnu_special
    - debian/patches/CVE-2016-4489.patch: handle case where consume_count
      returns -1 in libiberty/cplus-dem.c.
    - CVE-2016-4489
  * SECURITY UPDATE: integer overflow after sanity checks
    - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
      of long in libiberty/cp-demangle.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4490
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-4491-1.patch: limit recursion in
      include/demangle.h, libiberty/cp-demangle.c, libiberty/cp-demint.c,
      added test to libiberty/testsuite/demangle-expected.
    - debian/patches/CVE-2016-4491-2.patch: limit more recursion in
      libiberty/cp-demangle.c.
    - debian/patches/CVE-2016-4491-3.patch: initialize d_printing in
      libiberty/cp-demangle.c.
    - CVE-2016-4491
  * SECURITY UPDATE: buffer overflow in do_type
    - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
      and overflow in libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4492
    - CVE-2016-4493
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
      libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-6131

 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 12:43:14 -0400
CVE-2016-2226 Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executabl
CVE-2016-4487 Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r
CVE-2016-4488 Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r
CVE-2016-4489 Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a c
CVE-2016-4490 Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted bina
CVE-2016-4491 The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a cra
CVE-2016-4492 Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and cras
CVE-2016-4493 The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of serv
CVE-2016-6131 The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the ref


About   -   Send Feedback to @ubuntu_updates